How to Draft an Effective Incident Response Plan
March 2, 2016
The best way to handle any emergency is to be prepared.
Authors/Presenters
David A. Zetoony, Partner, Boulder, Colorado, david.zetoony@bryancave.com
Joshua A. James, Associate, Washington, DC, josh.james@bryancave.com

When it comes to data breaches, incident response plans are the first step organizations take to prepare. Furthermore, many organizations are required to maintain one. For example, any organization that accepts payment cards is most likely contractually required to adopt an incident response plan.

A good incident response plan does not attempt to predict every type of breach that may occur. Rather, the fundamental components of an incident response plan are that it establishes the framework for who within an organization is responsible for investigating a security incident, what resources that person has at his or her disposal (inside and outside of the organization), and when a situation should be elevated to others within the organization. A plan can also provide a reference guide for the type of actions common to most security investigations.

What are organizations' top concerns when it comes to incident response plans?
1. The plan has little relationship to how the organization actually handles security incidents.
2. The plan has never been tested.
3. The plan does not cover all of the issues that arise in a data security incident.
Checklist for drafting an effective incident response plan:
1. The plan assigns a specific person or group to lead an investigation.
2. The plan provides a clear plan for escalating information about an incident.
3. The plan discusses the need for preserving evidence.
4. The plan incorporates legal where appropriate to preserve attorney-client privilege.
5. The plan discusses how the organization will communicate externally concerning an incident.
6. The plan includes contact information for internal resources.
7. The plan includes contact information for pre-approved external resources.
8. The plan is reviewed annually.
9. The plan is tested.
The following provides snapshot information concerning incident response plans.
$17/record: The amount one study suggests having a written incident response plan lowers the cost of a data breach. [1]
22%: Percentage of companies that have no incident response plan. [2]
78%: Percentage of companies with a plan that have no scheduled review or have never reviewed the plan. [3]
17%: Percentage of companies that are not sure if their plan is effective. [4]
[1] Ponemon Institute, Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness, p. 1 (September 2014), http://www.experian.com/assets/data-breach/brochures/2014-ponemon-2nd-annualpreparedness.pdf.
[2] Id.
[3] Id. at 21.
[4] Id. at 4.